[Full-Disclosure] Virus / Trojan

From: Otero, Hernan (EDS) (HOtero_at_lanchile.cl)
Date: 01/09/04

  • Next message: John LaCour: "RE: [Full-Disclosure] Virus / Trojan"
    To: full-disclosure@lists.netsys.com
    Date: Fri, 9 Jan 2004 15:47:43 -0400

    Today found this suspicious file attached to an email, obviously is a virus
    (our AV donīt detect it :-( ). The virus/trojan is very simple, the
    developer only put effort in obfuscate the strings inside the binary.

    The executable file try to connect to gamemaniacs.org and download a file.
    This file will be located in the system directory

    The url used in the GET is:

    gamemaniacs.org /download/get.php?dist=2
    This will download the binary saved as msvchost.exe

    any one know what virus/trojan is this?




    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: John LaCour: "RE: [Full-Disclosure] Virus / Trojan"